<?php 
/**
========================SQL QUERY==============================
**/
/**
 * Run a raw SQL statement on the shared global connection $cnn.
 *
 * The string is handed to mysql_query() unchanged, so this function offers
 * no protection against SQL injection: every caller is responsible for
 * escaping the values it places into $query.
 *
 * NOTE(review): ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0;
 * mysqli or PDO with prepared statements is the long-term replacement.
 *
 * @param string $query SQL text to execute.
 * @return mixed Whatever mysql_query() returns for the statement.
 */
function exe($query)
{
    global $cnn;

    $outcome = mysql_query($query, $cnn);

    return $outcome;
}

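/**
 * Execute a query and return its first row.
 *
 * @param string $query SQL text; it is passed to exe() unchanged, so values
 *                      inside it must already be escaped by the caller.
 * @return array|false The first row as returned by mysql_fetch_array(), or
 *                     false when the query failed, produced no result set,
 *                     or matched no rows.
 */
function first_row($query)
{
    $result = exe($query);

    // mysql_query() yields a result resource only for row-returning
    // statements; it returns true/false otherwise. Fetching from a
    // non-resource only raises a warning, so report "no row" instead.
    if (!is_resource($result)) {
        return false;
    }

    return mysql_fetch_array($result);
}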

/**
 * Fetch the next row from an existing result set.
 *
 * @param resource $result Result handle as returned by exe() for a query.
 * @return mixed Whatever mysql_fetch_array() returns for $result.
 */
function next_row($result)
{
    $row = mysql_fetch_array($result);

    return $row;
}

/**
===============================USER===============================
**/
//add user
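/**
 * Insert a new row into `users`.
 *
 * @param array $user_info Expects the keys 'username', 'password',
 *                         'fullname', 'email' and 'tel'.
 * @return mixed Result of exe() for the INSERT.
 */
function add_user($user_info)
{
    global $cnn;

    // Every value below is interpolated into the SQL text, so each one is
    // escaped for the current connection first.
    // NOTE(review): assumes callers pass raw values; if they already escape
    // (or magic_quotes_gpc is on) the data would be escaped twice - confirm.
    // Escaping is only reliable when the connection charset was set with
    // mysql_set_charset().
    $username   = mysql_real_escape_string($user_info['username'], $cnn);
    $user_nick  = mysql_real_escape_string($user_info['fullname'], $cnn);
    $user_email = mysql_real_escape_string($user_info['email'], $cnn);
    $user_phone = mysql_real_escape_string($user_info['tel'], $cnn);

    // SECURITY: unsalted MD5 is a fast hash and unsuitable for password
    // storage. Switching to password_hash()/password_verify() needs
    // login_check(), change_password() and forgetPwd() changed together plus
    // a migration of stored hashes, so it is flagged here, not changed.
    // The hex digest contains no characters that need escaping.
    $user_password = md5($user_info['password']);

    $sql = "INSERT INTO `users`(`username`, `fullname`, `password`,
            `email`, `tel`)
             VALUES ('$username', '$user_nick', '$user_password',
             '$user_email', '$user_phone')";

    return exe($sql);
}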

//check username
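/**
 * Report whether a username is still free.
 *
 * Fails open: first_row() also returns false when the query itself fails,
 * so a database error is reported as "available". A unique index on the
 * username column is the reliable guard against duplicates.
 *
 * @param string $username Raw (unescaped) username to look up.
 * @return bool true when no matching row was found, false otherwise.
 */
function check_username($username)
{
    global $cnn;

    // Escape before interpolating into the WHERE clause.
    $safe_username = mysql_real_escape_string($username, $cnn);

    // Table name written as `users`, matching add_user(); MySQL table names
    // are case-sensitive on case-sensitive filesystems, where `USERS` would
    // not resolve to the table add_user() writes to.
    $sql = "SELECT * FROM `users` WHERE username = '$safe_username'";

    return !first_row($sql);
}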

//check email
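/**
 * Report whether an e-mail address is still free.
 *
 * Fails open: first_row() also returns false when the query itself fails,
 * so a database error is reported as "available".
 *
 * NOTE(review): this reads `USER`.`user_email`, while add_user() writes
 * `users`.`email` - confirm which table and column hold registered
 * addresses.
 *
 * @param string $email Raw (unescaped) e-mail address to look up.
 * @return bool true when no matching row was found, false otherwise.
 */
function check_email($email)
{
    global $cnn;

    // Escape before interpolating into the WHERE clause.
    $safe_email = mysql_real_escape_string($email, $cnn);
    $sql = "SELECT * FROM USER WHERE user_email = '$safe_email'";

    return !first_row($sql);
}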

//change user password
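/**
 * Store a new password hash for a user in `users`.
 *
 * This function performs no authorization check of its own; the caller has
 * to establish that the request may change this account's password.
 *
 * @param string $username Raw (unescaped) username of the account.
 * @param string $password New plaintext password.
 * @return mixed Result of exe() for the UPDATE.
 */
function change_password($username, $password)
{
    global $cnn;

    // SECURITY: unsalted MD5 is unsuitable for password storage; kept only
    // because login_check() compares against the same digest format.
    $user_password = md5($password);

    // Escape the username before it reaches the WHERE clause; unescaped, it
    // could widen the UPDATE to other accounts.
    $safe_username = mysql_real_escape_string($username, $cnn);

    $sql = "UPDATE `users` SET `password`='$user_password' WHERE `username` = '$safe_username'";
    return exe($sql);
}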

//change user information
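/**
 * Update the profile fields of a user in `users`.
 *
 * @param string $username  Raw (unescaped) username of the account.
 * @param array  $user_info Expects the keys 'fullname', 'email' and 'tel'.
 * @return mixed Result of exe() for the UPDATE.
 */
function change_user_info($username, $user_info)
{
    global $cnn;

    // All four values are interpolated into the statement, so each is
    // escaped for the current connection first.
    // NOTE(review): assumes callers pass raw values - confirm none of them
    // pre-escape.
    $fullname      = mysql_real_escape_string($user_info['fullname'], $cnn);
    $email         = mysql_real_escape_string($user_info['email'], $cnn);
    $tel           = mysql_real_escape_string($user_info['tel'], $cnn);
    $safe_username = mysql_real_escape_string($username, $cnn);

    $sql = "UPDATE `users` 
            SET `fullname`='$fullname', email='$email', tel='$tel'
            WHERE username = '$safe_username'";
    return exe($sql);
}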

//check login. Return true if username & password match database
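/**
 * Look up a user by username and password digest.
 *
 * @param string $username Raw (unescaped) username from the login form.
 * @param string $password Plaintext password from the login form.
 * @return array|false The matching `users` row, or false when first_row()
 *                     finds none (or the query fails).
 */
function login_check($username, $password)
{
    global $cnn;

    // The username goes into the WHERE clause of an authentication query;
    // unescaped, it could alter the condition so the check passes without
    // the right password.
    $safe_username = mysql_real_escape_string($username, $cnn);

    // SECURITY: unsalted MD5 is unsuitable for password storage. The digest
    // is hex only, so it needs no escaping.
    $digest = md5($password);

    $sql = "SELECT * FROM `users` WHERE `username`='$safe_username' AND `password`='$digest'";
    return first_row($sql);
}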

//get current user
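/**
 * Load the `users` row for the username stored in the session.
 *
 * @return array|false|string The row from first_row() (false if no row is
 *                            found) when a session username is set;
 *                            otherwise the literal string "non user". That
 *                            string is truthy, so callers must compare
 *                            against it explicitly rather than test the
 *                            return value as a boolean.
 */
function get_logged_in_user()
{
    if (!isset($_SESSION['username'])) {
        return "non user";
    }

    global $cnn;

    // The session value originates from user input at login time, so it is
    // escaped here as well rather than trusted.
    $username = mysql_real_escape_string($_SESSION['username'], $cnn);
    $sql = "SELECT * FROM `users` WHERE username = '$username'";

    return first_row($sql);
}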

//get nickname by user id
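/**
 * Fetch the `user_nick` column for a user id.
 *
 * @param mixed $user_id Raw (unescaped) id value.
 * @return mixed The `user_nick` value of the first matching row, or the
 *               falsy value from first_row() when there is none.
 */
function get_nickname_by_id($user_id)
{
    global $cnn;

    // Escape before interpolating into the WHERE clause.
    $safe_id = mysql_real_escape_string($user_id, $cnn);
    $sql = "SELECT `user_nick` FROM `USER` WHERE `user_id` = '$safe_id'";

    $row = first_row($sql);
    if (!$row) {
        // Pass first_row()'s "no row" value through unchanged.
        return $row;
    }

    return $row['user_nick'];
}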

/**
 * Tell whether the session carries a username.
 *
 * Only the presence of $_SESSION['username'] is checked; the value is not
 * validated against the database here.
 *
 * @return bool true when $_SESSION['username'] is set, false otherwise.
 */
function is_logged_in()
{
    return isset($_SESSION['username']);
}

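/**
 * End the current session completely.
 *
 * session_destroy() alone removes the stored session data but neither
 * clears $_SESSION for the rest of the request nor removes the session
 * cookie, so is_logged_in() would still report true after logout() within
 * the same request. Both are handled here.
 *
 * @return void
 */
function logout() {
    // Starting an already-active session raises a notice; only start one
    // when none is active.
    if (session_id() === '') {
        session_start();
    }

    // Drop the in-memory session data for the remainder of this request.
    $_SESSION = array();

    // Expire the session cookie so the browser stops presenting the old id.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();
}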

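/**
 * Set a new password digest for the account with the given e-mail address.
 *
 * This function does not verify that the requester controls the address;
 * the caller has to have done that (for example with a single-use reset
 * token) before invoking it.
 *
 * @param string $email  Raw (unescaped, unquoted) e-mail address.
 * @param string $newpwd New plaintext password.
 * @return mixed Result of exe() for the UPDATE.
 */
function forgetPwd($email, $newpwd) {
    global $cnn;

    // SECURITY: unsalted MD5 is unsuitable for password storage; flagged,
    // not changed, because the stored digests use this format.
    $user_password = md5($newpwd);

    // The address was previously interpolated without quotes or escaping,
    // which is invalid SQL for an ordinary address and lets the value
    // rewrite the statement. It is now escaped and quoted as a string.
    // NOTE(review): assumes callers pass the bare address, not a value that
    // already carries its own quotes - confirm.
    $safe_email = mysql_real_escape_string($email, $cnn);

    $sql = "UPDATE `user` SET `user_password`='$user_password' WHERE user_email = '$safe_email'";
    return exe($sql);
}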

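/**
 * Query `user` for rows with the given e-mail address.
 *
 * The return value is the query result, not a boolean: a successful SELECT
 * yields a result resource even when it matched zero rows, so callers must
 * inspect the rows (e.g. via next_row()) to decide whether the address
 * exists.
 *
 * @param string $email Raw (unescaped, unquoted) e-mail address.
 * @return resource|false Result handle from exe(), or false on failure.
 */
function emailExist($email) {
    global $cnn;

    // Previously interpolated without quotes or escaping; now escaped and
    // quoted as a string literal.
    // NOTE(review): assumes callers pass the bare address - confirm.
    $safe_email = mysql_real_escape_string($email, $cnn);
    $sql = "SELECT * FROM `user` WHERE user_email='$safe_email'";

    // Run the query once and reuse the handle (it used to be run twice).
    $result = exe($sql);

    return $result ? $result : false;
}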

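/**
 * Fetch the e-mail row for a username from `user`.
 *
 * @param string $username Raw (unescaped) username.
 * @return array|false The first row (containing `user_email`) as returned
 *                     by first_row(), or false when there is none.
 */
function get_email_by_username($username) {
    global $cnn;

    // Escape before interpolating into the WHERE clause.
    $safe_username = mysql_real_escape_string($username, $cnn);
    $sql = "SELECT user_email FROM `user` WHERE `username`='$safe_username'";

    return first_row($sql);
}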

?>